$ strings -a ~/Downloads/Mughthesec/Installer.app/Contents/MacOS/mac | grep http

Now, before we run this in a VM, let's change the MAC address of the virtual machine. This is a required step, because it turns out that the installer doesn't actually do anything malicious (besides installing a legitimate copy of Flash) if it detects that it is running in a VM.

Thomas Reed correctly guessed that this 'VM detection' is done by examining the MAC address (VMware VMs have 'recognizable' MAC addresses). Apparently this is a common trick used in macOS adware!

To change the VM's MAC address, shut it down, then change it via the VM's Network Adapter settings (click 'Advanced Options' to modify the MAC address).

Alright, let's run the damn Installer.app already!

First thing, LuLu (my soon-to-be-released macOS firewall!) detects an outgoing network connection:
Using WhatsYourSign, we can examine the signing info:

Using spctl, we can confirm the disk image's certificate is still valid (i.e.
Want to play along? I've shared the adware, which can be downloaded here (password: infect3d).

Yesterday Gavriel State posted an interesting tweet:

Interestingly, googling "Mughthesec" only returned one relevant hit: a post on Apple's online forums titled "Safari does not render Gmail correctly". Posted on August 2nd, user 'giveen' stated that, "Only in Safari, when this specific user logins, it does not render Gmail correctly. Only in Safari." Following another user's suggestion, 'giveen' ran EtreCheck, which noted several "unknown files:"

~/Library/Application Support/com.Mughthesec/Mughthesec

Gavriel was kind enough to share a sample ('Mughthesec') with me, and that, coupled with the assistance of another security researcher, led to the recovery of what appeared to be the original installer (sha256: f5d76324cb8fcae7f00b6825e4c110ddfd6b32db452f1eca0f4cff958316869c).

As neither the sample, Mughthesec, nor the (signed!) installer were detected by any AV engines on VirusTotal, I decided to take a closer look.

Let's start with the installer disk image. Uploaded to VirusTotal on August 4th as Player.dmg, it currently remains undetected:
The Outlook Search Repair tool displays a "Reindexing, please wait" message while it works. This may require an hour or more, depending on the size of your Outlook profile. Outlook doesn't have to be open when the repair occurs. A Spotlight search will be slower and may not finish while the index is being repaired. Exit the Outlook Search Repair tool when you receive the following message after the repair is completed:

The Outlook Reset Preferences tool resets all Outlook preferences to their default settings. Use this tool to reset any customizations that you've made to Outlook by using the Preferences option on the Outlook menu. This tool also stores the settings for the Outlook window size and position. This tool shouldn't be needed most of the time.

Note: The Outlook Preferences file doesn't contain all the preferences for the application. Also, resetting Outlook preferences doesn't remove email messages or account settings.

Download and open the Outlook Reset Preferences tool. This closes Outlook if it's open, and then resets the preferences to their default settings. Exit the Outlook Reset Preferences tool.

The Default Mail Application tool lets you easily make Outlook the default mail application.